Privacy Policy
How OdoReach collects, uses, and protects your data.
Last updated: March 2026 | Effective date: March 14, 2026
1. Information We Collect
Account Information
When you create an OdoReach account, we collect:
- • Your full name and email address
- • Company name and business details
- • Phone number (if provided)
- • GST certificate or business registration details
- • Payment and billing information
WhatsApp Business Data
To operate your WhatsApp campaigns, we access:
- • Your WhatsApp Business Phone Number
- • Message content you send via OdoReach
- • Contact lists and customer phone numbers you import
- • Message delivery status and read receipts
- • Incoming customer messages and conversations
Usage Data
We automatically collect:
- • IP address and device information
- • Browser type and pages you visit
- • Time and date of activities
- • Campaign performance metrics
- • Login and logout times
2. How We Use Your Data
To Provide Services: Send your WhatsApp campaigns, manage inbox conversations, track delivery, generate reports.
To Process Payments: Charge subscription fees, manage wallet balance, process refunds via Razorpay.
To Improve Services: Analyze usage patterns, fix bugs, improve performance, add new features.
For Communication: Send system updates, billing information, support responses, product announcements.
For Legal Compliance: Comply with government regulations, Meta's requirements, and prevent fraud.
3. Data Sharing & Third Parties
We share your data with:
- Meta (WhatsApp): Message content, phone number, delivery status (required to operate WhatsApp API)
- Razorpay: Payment information and billing details (PCI DSS compliant)
- Supabase: Your account data and database (encrypted at rest)
- Resend: Your email for transactional notifications (welcome, receipts, updates)
- Vercel: Application logs and performance data
Important: We NEVER sell your data to third parties. We only share data necessary to operate the platform and comply with regulations.
4. Data Security
OdoReach takes data security seriously:
- ✓ HTTPS Encryption: All data in transit is encrypted using SSL/TLS
- ✓ Database Encryption: Supabase encrypts data at rest
- ✓ Secure Authentication: Passwords hashed, session tokens secure
- ✓ Access Controls: Only authorized staff can access production data
- ✓ Regular Backups: Data backed up daily for disaster recovery
- ✓ API Security: Rate limiting, token validation, input validation
Note: While we implement industry-standard security, no system is 100% secure. We cannot guarantee absolute security of your data.
5. Your Data Rights
Under Indian data protection laws, you have the right to:
- ✓ Access: Request a copy of all data we hold about you
- ✓ Rectification: Correct inaccurate personal information
- ✓ Deletion: Request deletion of your data (see Data Deletion page)
- ✓ Portability: Export your data in a readable format (CSV)
- ✓ Withdraw Consent: Stop using OdoReach anytime
To exercise these rights, email us at support@odoreach.com
6. Cookies & Tracking
OdoReach uses:
- • Session Cookies: To keep you logged in
- • Analytics Cookies: Vercel Analytics and Speed Insights (anonymous page views)
- • Preference Cookies: To remember your dashboard preferences
You can disable cookies in your browser settings, but some features may not work properly.
7. Retention & Deletion
How long we keep your data:
- • Active Account: Data retained while your account is active
- • After Deletion: Data deleted within 30 days (logs kept for 90 days for security)
- • Payment Records: Kept for 7 years for tax/legal compliance
To request account deletion, visit our Data Deletion page.
8. Changes to This Policy
We may update this privacy policy at any time. Significant changes will be announced via email. Continued use of OdoReach after changes means you accept the updated policy.
9. Contact Us
Last updated: March 2026